Project

Profile

Help

Task #1459

Updated by jcline@redhat.com over 8 years ago

Lazy sync introduces several new WSGI applications, processes, files, etc. SELinux rules need to be written to support lazy. 

 The following processes are new: 

  * squid 
    - I expect this to already have an SELinux policy somewhere and we probably don't need to do anything. 

  * pulp_streamer 
    - Currently set to run as the 'apache' user. 
    - Launches a twistd application in /srv/pulp/streamer.tac 
    - Its systemd unit and init script can be found in the streamer package in pulp for more information 
    - Currently runs in the 'system_u:system_r:unconfined_service_t:s0' context 
    - Reads a configuration file at '/etc/pulp/streamer.conf' 
    - Communicates with MongoDB 

 In addition to those processes, there are two new WSGI applications: 

  * streamer_auth.wsgi 
    - Reads '/etc/pulp/server.conf' 
    - Loads the RSA public key specified in the 'authentication' section, 'rsa_pub' value in above config 

  * content.wsgi 
    - Reads '/etc/pulp/server.conf' 
    - Loads the RSA private key specified in the 'authentication' section, 'rsa_key' value in above config 
    - calls `os.path.realpath` on provided file paths. These links will be in /var/www/pub/<something> and should resolve to something in /var/lib/pulp/content 
 

Back